Cyber security for small businesses is a trending topic. Every day new cyber threats are emerging, which leads to new research being carried out and new cyber security solutions being developed.
So, as a Yorkshire and Lancashire IT business, we feel it’s our duty to keep you informed on the latest cyber security management services and news.
Here’s a quick overview of the latest stats on cyber crime and the new cyber risks to watch out for. We’ll also look at the cost of a cyber attack, and how to approach cyber security as a business owner.
Cyber Security in Businesses
UK figures show that cyber crime has grown by 40% since 2020, putting the country at the top of the list when it comes to the number of cyber crime victims.
More specifically, in the last 12 months, 32% of small UK businesses and 24% of small charities reported a data breach or cyberattack, according to the Government’s ‘Cyber security breaches survey 2023’. This figure rises to 59% for medium-sized businesses and 69% for large businesses. For high-income charities with £500,000 or more in annual income, this figure sits at 56%. This means that small business cyber security is less protected.
Cost of Cyber Crime
It takes an average of 277 days to identify and respond to a cyberattack and the cost increases with every day that passes.
But what are the costs?
- Collectively, the economic cost of cyber crime to UK businesses is £21bn per annum, with IP theft being the most costly at £9.2bn per annum.
- The average cost of cyber crime for UK businesses (counting loss of money, material, and data) is £4,200. Although the total figures for 2022 are lower than they were in 2021, this is not the case for medium and large businesses, where costs amount to £19,400.
- 60% of SMEs go out of business during the 6 months following a cyber attack.
End-User Habits
A threat report published by Proofpoint – 2023 State of the Phish: Europe and the Middle East – uncovered some alarming facts regarding end user behaviour and how local nuances affect gaps in end-user awareness, resilience and risk. These include:
- 33% of EMEA end users admit to taking ‘risky IT actions’ such as clicking unknown links.
- 44% of EMEA working professionals think an email is safe if it contains familiar branding. However, most are unaware that imitating a reputable company is one of the most common scamming techniques.
- Overall, end users aren’t aware of cyber crime concepts, making it easier for cyber criminals to hack into business networks.
- 1 in 3 end users can’t define “malware”, “phishing”, or “ransomware”.
- Of all EMEA countries, Swedish organisations are the most likely to suffer a successful phishing attack, at 94%.
- The Netherlands is the most targeted for cyber attacks by both insiders (86% vs 66% global average) and outsiders (84% vs 68% global).
- Only 35% of German organisations train their employees on insider threats.
Types of Cybercrime
The ways in which malicious hackers target businesses and individuals online evolve every day.
The latest UK Gov data shows that between 2017 and 2023 the number of phishing attacks rose, whereas malware and ransomware attacks declined:
- Phishing attacks rose from 72% to 79% between 2017 and 2023. However, this figure reached an all-time high in 2022 at 83%.
- Virus and malware attacks fell from 33% to 11%.
- Ransomware attacks fell from 17% to just 4%.
Phishing
According to Proofpoint’s 2023 State of the Phish: Europe and the Middle East report, phishing emails are the most common cyber threat currently facing UK businesses (96%).
Similar numbers are reported in the UK Government’s ‘Cyber security breaches survey 2023’ report:
- Medium businesses 84%
- Large businesses 93%
- Overall figure (including small businesses) 79%
Shockingly, Surfshark revealed that there were 323,972 phishing attacks reported globally in 2021, meaning 888 people fell for a phishing attack every day! Other stats from the report include:
Malware
Although malware attacks aren’t as frequent, they are more targeted towards businesses. According to Surfshark, 4,500 UK businesses fell for a malware attack in 2021.
Ransomware
Ransomware is a type of malware that threatens to publish the victim’s personal data or permanently block access to it unless a ransom is paid.
The UK’s National Cyber Security Centre CEO, Lindy Cameron, believes ransomware is now the most immediate cyber security threat for UK businesses.
Social Media
The UK’s National Cyber Security Centre believes social media hacking is also on the rise. Becoming increasingly problematic, social media hacking saw 8,023 reported cases in 2021/22 – a 23.5% increase on the previous period.
Cyber Security Solutions
Let’s see how businesses act in order to protect their valuable information, assets, and client data. How many had vulnerability scans, used managed security services, or had regular audits from an external party?
Prioritise Business Security
- The UK is second on the Global Cyber Security Index, just behind the US in terms of how invested they are in protecting against cyber crime.
- 71% of UK businesses and 62% of UK charities report that cyber security is a high priority for their senior management team.
- That being said, the proportion of micro-businesses saying cyber security is a high priority has decreased from 80% in 2022 to 68% in 2023.
Risk Assessment & Recovery
- 3 in 10 UK businesses have undertaken a cyber security risk assessment or any type of IT security audit in the last year — rising to 51% of medium businesses and 63% of large businesses.
- Only 18% of small businesses have carried out work to formally review the potential cyber security risks presented by suppliers – rising to 27% for medium businesses and 55% for large businesses.
- Formal incident response plans are not widespread (21% of UK businesses and 16% of UK charities have them).
Training
- A UK Gov report found that 49% of businesses report seeking information or guidance on cyber security from outside their organisation in the past year. The most common individual sources of information and guidance are:
  - External cyber security consultants, IT consultants or IT service providers (mentioned by 21% of businesses and 15% of charities).
  - Any government or public sector source, including government websites, regulators, and other public bodies (12% of both businesses and charities).
  - General online searching (8% of businesses and 6% of charities).
- UK organisations have the highest rates of training for known target users (52%) among Europe and Middle Eastern countries.
Cyber Security Services for Small Businesses
Specialising in cyber security for small businesses as well as medium ones, DVAD has been helping businesses strengthen their cyber security in Manchester and Leeds for over 35 years. We offer a comprehensive range of cyber security services and IT security solutions to protect your digital assets and mitigate the risks associated with any cyber threats.
A vulnerability assessment or penetration testing could identify your current systems’ exposure to all of the above threats. Even if you have already been affected, anti-virus software could detect and remove malware from your systems. Plus, a managed firewall could monitor and control traffic to protect against unauthorised access.
Do you want to keep your business reputation protected? Find out the 6 Most Common Mistakes that Compromise your cyber security or book a FREE risk assessment for your business in this form.